SS
Uploaded bySajib Sen
PPTX, PDF61 views

Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) Controller Rules During DDoS Attack

1) The document discusses setting up a virtual SDN network using Mininet and Open vSwitch to study DDoS attack detection using machine learning. It creates a 3-switch topology and configures basic flow rules. 2) A DDoS ping flood attack is launched on the network from multiple hosts. Network traffic data is collected using sFlow for both normal and attack scenarios. 3) Different machine learning classifiers including Bayes Net, Naive Bayes, and AdaBoost are trained on the data and their performance is compared based on metrics like precision, recall and F-measure. AdaBoost performed the best with 0.934 precision and recall.

Embed presentation

Download to read offline
Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) Controller Rules During DDoS Attack Authors Sajib Sen, Kishor Datta Gupta, and Md Manjurul Ahsan 4/30/18 1
Introduction Figure 1: Different planes and network application in SDN[1] Figure 2: Reactive traffic flow set-up in SDN[1] [1]Niyaz Q, Sun W, Javaid AY, and Alam M. A deep learning approach for network intrusion detection system. International conference wireless networks and mobile communications (WINCOM), pages 258{263, 2016
Introduction Figure 3: OpenVSwitch architecture Figure 4: Packet flow
Introduction Figure 5: sFlow-RT interface
Introduction Figure 6: Traffic monitoring Figure 7: Event handling
Implementation: • To create a virtual network SDN topology: • sudo mn --controller=remote,ip=127.0.0.1,port=6653 --topo=single,3 --mac --switch ovsk • This tells Mininet to start up a 3-host, single-(openvSwitch-based)switch topology, set the MAC address of each host equal to its IP, and point to a remote controller which defaults to the localhost.
Implementation: Figure 8: Setting of Virtual SDN
Flow rules set up in SDN controller: # sudo ovs-ofctl add-flow s1 in_port=1,actions=output:2 # sudo ovs-ofctl add-flow s1 in_port=2,actions=output:1 This will forward packets coming at port 1 to port 2 and vice-verca.
Implementation: • To connect OpenVSwitch to sFlow-RT analyzer: • sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0 target="127.0.0.1:6343" sampling=10 polling=20 -- -- set bridge s1 sflow=@sflow • Here the OpenVSwitch has been connected to sFlow-RT with eth0 as agent and flow switch as s1. • To start: ./sFlow-rt/start.sh and to check the topology of mininet network in sFlow-RT need to visit • http://localhost:8008/metric/127.0.0.1/html • http://localhost:8080/ui/pages/index.html
Implementation: • xterm h1 h2 • on h1 terminal "python -m SimpleHTTPServer 80& • on h2 terminal "ping 10.0.0.1" Figure 9: Ping request to node h1
Implementation: Figure 10: Network packet information in Wireshark
Implementation: Figure 11 : Packet flow in s1-eth0 interface
Implementation: Data Description: No. Features Description 1 Service network service on the destination, e.g., http, telnet, etc. 2 Header length Length of Header data 3 Flags normal (0) or error(1) status of the connection 4 TTL Time to Live 5 Protocol type of the protocol, e.g. tcp, udp, etc. 6 Data bytes Bytes of data needed for certain protocol 7 Epoch Time Time to complete one epoch 8 Reply Response Time Time to give response 9 Land 1 if connection is from/to the same host/port; 0 otherwise
Implementation: • DDoS flood attack: • ping -f 10.0.0.1 command from different MiniNet hosts. • Besides to create flood attack manually, a payload had been created by python code using scapy library. Figure 12: DDoS Attack
Implementation: Figure 13: Ping flood attack to node h1
Implementation: Figure 14: Ping flood packet data in wireshark
Figure 15: Dos attack in sFlow-RT Implementation:
No Techniques Precision Recall F- Measure ROC Area 1 Bayes Net 0.889 0.885 0.885 0.863 2 Naïve Bayes 0.731 0.705 0.693 0.707 3 Multilayer Perceptron 0.836 0.836 0.836 0.834 4 Support Vector Machine(ker nel=3) 0.853 0.852 0.852 0.853 5 AdaBoost (Decision Stump as weak classifier) 0.934 0.934 0.934 0.887 6 J48 decision tree 0.903 0.902 0.901 0.880 7 Random Forest 0.837 0.836 0.836 0.899 Result and Observation:
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Bayes Net Naïve Bayes Multilayer Perceptron Support Vector Machine(kernel=3) AdaBoost(Decision Stump as weak classifier) J48 decision tree Random Forest Comparison of F-measure Among Classifier Result and Observation
• Virtual SDN testbed environment has been created • DoS attack performed on the network • Data collected for both normal and attack scenario. • Model trained and performance compare for different classifier Conclusion
Thank you 4/30/18 21

More Related Content

PDF
Detection and analysis_of_syn_flood_ddos
byOleh Stupak
 
PDF
Network Time Synchronization
byBen Rothke
 
PPTX
NTP Project Presentation
byAndrew McGarry
 
PPTX
Packet flow on openstack
byAchhar Kalia
 
PPTX
WAN Traffic Control
byOfer Ben Yaacov
 
PPTX
NTP Server - How it works?
byDavoud Teimouri
 
PDF
LF_OVS_17_Ingress Scheduling
byLF_OpenvSwitch
 
PDF
OpenStack & OpenDaylight Hands-on Lab Instructions
byMichelle Holley
 
Detection and analysis_of_syn_flood_ddos
byOleh Stupak
 
Network Time Synchronization
byBen Rothke
 
NTP Project Presentation
byAndrew McGarry
 
Packet flow on openstack
byAchhar Kalia
 
WAN Traffic Control
byOfer Ben Yaacov
 
NTP Server - How it works?
byDavoud Teimouri
 
LF_OVS_17_Ingress Scheduling
byLF_OpenvSwitch
 
OpenStack & OpenDaylight Hands-on Lab Instructions
byMichelle Holley
 

What's hot

PDF
DDoS Attack Preparation and Mitigation
byJerod Brennen
 
PDF
TC Flower Offload
byNetronome
 
DOCX
Ccna notes
byMubeen Chughtai
 
PDF
Network time protocol
byMohd Amir
 
PPTX
Basic ntp configuration
byRaghu nath
 
PDF
Open vSwitch Implementation Options
byNetronome
 
PDF
Getting date and time from ntp server with esp8266 node mcu
byElaf A.Saeed
 
PDF
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
byLF_OpenvSwitch
 
ODP
Network for amin
byadnan alshulah
 
PPSX
Adaptation of tcp window
bypriya Nithya
 
PDF
LF_OVS_17_OVN and Containers - An update.
byLF_OpenvSwitch
 
PPTX
Pentesting ntp-17-02-18
byVengatesh Nagarajan
 
PPTX
Byte blower basic setting full_v2
byChen-Chih Lee
 
PPT
Types Of Attack.
byGreater Noida Institute Of Technology
 
PPTX
Beyond TCP: The evolution of Internet transport protocols
byOlivier Bonaventure
 
PDF
Traceroute- A Networking Tool
byAmit Kumar
 
PPTX
Area25 Learning DS1
byAli Hamieh
 
PDF
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
byLF_OpenvSwitch
 
PDF
Offloading TC Rules on OVS Internal Ports
byNetronome
 
PDF
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
byPavel Odintsov
 
DDoS Attack Preparation and Mitigation
byJerod Brennen
 
TC Flower Offload
byNetronome
 
Ccna notes
byMubeen Chughtai
 
Network time protocol
byMohd Amir
 
Basic ntp configuration
byRaghu nath
 
Open vSwitch Implementation Options
byNetronome
 
Getting date and time from ntp server with esp8266 node mcu
byElaf A.Saeed
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
byLF_OpenvSwitch
 
Network for amin
byadnan alshulah
 
Adaptation of tcp window
bypriya Nithya
 
LF_OVS_17_OVN and Containers - An update.
byLF_OpenvSwitch
 
Pentesting ntp-17-02-18
byVengatesh Nagarajan
 
Byte blower basic setting full_v2
byChen-Chih Lee
 
Types Of Attack.
byGreater Noida Institute Of Technology
 
Beyond TCP: The evolution of Internet transport protocols
byOlivier Bonaventure
 
Traceroute- A Networking Tool
byAmit Kumar
 
Area25 Learning DS1
byAli Hamieh
 
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
byLF_OpenvSwitch
 
Offloading TC Rules on OVS Internal Ports
byNetronome
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
byPavel Odintsov
 

Similar to Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) Controller Rules During DDoS Attack

PDF
Empowering SDN with DDoS attack detection: leveraging hybrid machine learning...
byIAESIJAI
 
PPT
Floodlight OpenFlow DDoS
byYoav Francis
 
DOCX
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
byShakas Technologies
 
PDF
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
byIRJET Journal
 
PDF
Evaluation of distributed denial of service attacks detection in software def...
byIAESIJAI
 
PDF
Review Paper on Predicting Network Attack Patterns in SDN using ML
byijtsrd
 
DOCX
Entropy based DDos Detection in SDN
byVishal Vasudev
 
PDF
Implementation of ICMP flood detection and mitigation system based on softwar...
byTELKOMNIKA JOURNAL
 
PDF
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
byIRJET Journal
 
PDF
IRJET- A Study of DDoS Attacks in Software Defined Networks
byIRJET Journal
 
PDF
IRJET- Software Defined Network: DDOS Attack Detection
byIRJET Journal
 
PDF
An ensemble-based approach for effective distributed denial of service attack...
byIAESIJAI
 
PDF
SDN and Mininet: Some Basic Concepts
byEswar Publications
 
PDF
Distributed denial of service (DDoS) attack mitigation in software defined ne...
bymokamojah
 
PDF
Banv
bynetvis
 
PDF
IRJET- Build SDN with Openflow Controller
byIRJET Journal
 
PDF
Optimal software-defined network topology for distributed denial of service a...
byjournalBEEI
 
PDF
Final_Report
byTlhologelo Mphahlele
 
PDF
Security defined routing_cybergamut_v1_1
byJoel W. King
 
PPTX
SDN Demystified, by Dean Pemberton [APNIC 38]
byAPNIC
 
Empowering SDN with DDoS attack detection: leveraging hybrid machine learning...
byIAESIJAI
 
Floodlight OpenFlow DDoS
byYoav Francis
 
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
byShakas Technologies
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
byIRJET Journal
 
Evaluation of distributed denial of service attacks detection in software def...
byIAESIJAI
 
Review Paper on Predicting Network Attack Patterns in SDN using ML
byijtsrd
 
Entropy based DDos Detection in SDN
byVishal Vasudev
 
Implementation of ICMP flood detection and mitigation system based on softwar...
byTELKOMNIKA JOURNAL
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
byIRJET Journal
 
IRJET- A Study of DDoS Attacks in Software Defined Networks
byIRJET Journal
 
IRJET- Software Defined Network: DDOS Attack Detection
byIRJET Journal
 
An ensemble-based approach for effective distributed denial of service attack...
byIAESIJAI
 
SDN and Mininet: Some Basic Concepts
byEswar Publications
 
Distributed denial of service (DDoS) attack mitigation in software defined ne...
bymokamojah
 
Banv
bynetvis
 
IRJET- Build SDN with Openflow Controller
byIRJET Journal
 
Optimal software-defined network topology for distributed denial of service a...
byjournalBEEI
 
Final_Report
byTlhologelo Mphahlele
 
Security defined routing_cybergamut_v1_1
byJoel W. King
 
SDN Demystified, by Dean Pemberton [APNIC 38]
byAPNIC
 

More from Sajib Sen

PPTX
An empirical study on algorithmic bias
bySajib Sen
 
PPTX
Battery Less Solar Power Controller to Drive Load at Constant Power Irrespect...
bySajib Sen
 
PPTX
PMCN 2017- workshop presentation(Instrumentation for Detecting Cervical Cance...
bySajib Sen
 
PPTX
Equifax data breach
bySajib Sen
 
PPTX
Weka tutorial
bySajib Sen
 
PPTX
A Crowdsourcing Review Technique to Prevent Spreading Fake News
bySajib Sen
 
PPTX
Image Recognition with Neural Network
bySajib Sen
 
PPTX
K-means Clustering
bySajib Sen
 
PPTX
Machine Learning Landscape
bySajib Sen
 
PPTX
Raspberry-Pi GPIO
bySajib Sen
 
PPTX
An Updated Survey on Niching Methods and Their Applications
bySajib Sen
 
PPTX
Binary classification with logistic regression algorithm using hadoop
bySajib Sen
 
An empirical study on algorithmic bias
bySajib Sen
 
Battery Less Solar Power Controller to Drive Load at Constant Power Irrespect...
bySajib Sen
 
PMCN 2017- workshop presentation(Instrumentation for Detecting Cervical Cance...
bySajib Sen
 
Equifax data breach
bySajib Sen
 
Weka tutorial
bySajib Sen
 
A Crowdsourcing Review Technique to Prevent Spreading Fake News
bySajib Sen
 
Image Recognition with Neural Network
bySajib Sen
 
K-means Clustering
bySajib Sen
 
Machine Learning Landscape
bySajib Sen
 
Raspberry-Pi GPIO
bySajib Sen
 
An Updated Survey on Niching Methods and Their Applications
bySajib Sen
 
Binary classification with logistic regression algorithm using hadoop
bySajib Sen
 

Recently uploaded

PDF
Bme manufacturing process module 3 .4648
bysatyabsp44
 
PDF
Module 2 Python progr 1BPLCK105B-by Dr.SV.pdf
bySURESHA V
 
PPTX
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
PDF
RisaTakahashi_Food plating referencer: A Visual Plateware Selection System Ba...
byMatsushita Laboratory
 
PPTX
researchproposalpresentation-141127024318-conversion-gate02.pptx
bybcabcu20222025
 
PPT
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 
PPTX
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
PPTX
PEMET 413 COMPOSITE MATERIALS MOD1 LECTURE 3.pptx
byVINAY B
 
PPTX
Slide sur les concepts_Module_5_STP.pptx
bydine46
 
PPTX
Unit 5 - THERMO ELECTRIC ENERGY BASED PROCESSES .pptx
byarivazhaganrajangam
 
PDF
RAMON Scrap quality detection system.pdf
bymohamedassar81
 
PPT
WK3 - Multi Layer Perceptron (1).ppt in machine learning
byhealtheconomics1401
 
PPTX
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
PPTX
Chapter4- Continuous-Time Markov Models- Stpchastoc Processes- Dr. Zahedi.pptx
byzahedicourse
 
PPTX
Module 1 AGGREGATES, DEFINITION, TYPES .pptx
bytkmmullonkal
 
PDF
CyberOps_Associate_certificate.pdf-cisco
bySanjayG931395
 
PPT
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
PPTX
SOFTWARE PROJECT MANAGEMENT PART 1-.pptx
byssuserbafe2d
 
PPTX
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
PPTX
Basic PLC - Solid introduction _ 1 .pptx
byAhmed Ramadan
 
Bme manufacturing process module 3 .4648
bysatyabsp44
 
Module 2 Python progr 1BPLCK105B-by Dr.SV.pdf
bySURESHA V
 
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
RisaTakahashi_Food plating referencer: A Visual Plateware Selection System Ba...
byMatsushita Laboratory
 
researchproposalpresentation-141127024318-conversion-gate02.pptx
bybcabcu20222025
 
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
PEMET 413 COMPOSITE MATERIALS MOD1 LECTURE 3.pptx
byVINAY B
 
Slide sur les concepts_Module_5_STP.pptx
bydine46
 
Unit 5 - THERMO ELECTRIC ENERGY BASED PROCESSES .pptx
byarivazhaganrajangam
 
RAMON Scrap quality detection system.pdf
bymohamedassar81
 
WK3 - Multi Layer Perceptron (1).ppt in machine learning
byhealtheconomics1401
 
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
Chapter4- Continuous-Time Markov Models- Stpchastoc Processes- Dr. Zahedi.pptx
byzahedicourse
 
Module 1 AGGREGATES, DEFINITION, TYPES .pptx
bytkmmullonkal
 
CyberOps_Associate_certificate.pdf-cisco
bySanjayG931395
 
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
SOFTWARE PROJECT MANAGEMENT PART 1-.pptx
byssuserbafe2d
 
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
Basic PLC - Solid introduction _ 1 .pptx
byAhmed Ramadan
 

Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) Controller Rules During DDoS Attack

  • 1.
    Leveraging Machine LearningApproach to Setup Software Defined Network(SDN) Controller Rules During DDoS Attack Authors Sajib Sen, Kishor Datta Gupta, and Md Manjurul Ahsan 4/30/18 1
  • 2.
    Introduction Figure 1: Differentplanes and network application in SDN[1] Figure 2: Reactive traffic flow set-up in SDN[1] [1]Niyaz Q, Sun W, Javaid AY, and Alam M. A deep learning approach for network intrusion detection system. International conference wireless networks and mobile communications (WINCOM), pages 258{263, 2016
  • 3.
    Introduction Figure 3: OpenVSwitcharchitecture Figure 4: Packet flow
  • 4.
  • 5.
    Introduction Figure 6: Trafficmonitoring Figure 7: Event handling
  • 6.
    Implementation: • To createa virtual network SDN topology: • sudo mn --controller=remote,ip=127.0.0.1,port=6653 --topo=single,3 --mac --switch ovsk • This tells Mininet to start up a 3-host, single-(openvSwitch-based)switch topology, set the MAC address of each host equal to its IP, and point to a remote controller which defaults to the localhost.
  • 7.
  • 8.
    Flow rules setup in SDN controller: # sudo ovs-ofctl add-flow s1 in_port=1,actions=output:2 # sudo ovs-ofctl add-flow s1 in_port=2,actions=output:1 This will forward packets coming at port 1 to port 2 and vice-verca.
  • 9.
    Implementation: • To connectOpenVSwitch to sFlow-RT analyzer: • sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0 target="127.0.0.1:6343" sampling=10 polling=20 -- -- set bridge s1 sflow=@sflow • Here the OpenVSwitch has been connected to sFlow-RT with eth0 as agent and flow switch as s1. • To start: ./sFlow-rt/start.sh and to check the topology of mininet network in sFlow-RT need to visit • http://localhost:8008/metric/127.0.0.1/html • http://localhost:8080/ui/pages/index.html
  • 10.
    Implementation: • xterm h1h2 • on h1 terminal "python -m SimpleHTTPServer 80& • on h2 terminal "ping 10.0.0.1" Figure 9: Ping request to node h1
  • 11.
    Implementation: Figure 10: Networkpacket information in Wireshark
  • 12.
    Implementation: Figure 11 :Packet flow in s1-eth0 interface
  • 13.
    Implementation: Data Description: No. FeaturesDescription 1 Service network service on the destination, e.g., http, telnet, etc. 2 Header length Length of Header data 3 Flags normal (0) or error(1) status of the connection 4 TTL Time to Live 5 Protocol type of the protocol, e.g. tcp, udp, etc. 6 Data bytes Bytes of data needed for certain protocol 7 Epoch Time Time to complete one epoch 8 Reply Response Time Time to give response 9 Land 1 if connection is from/to the same host/port; 0 otherwise
  • 14.
    Implementation: • DDoS floodattack: • ping -f 10.0.0.1 command from different MiniNet hosts. • Besides to create flood attack manually, a payload had been created by python code using scapy library. Figure 12: DDoS Attack
  • 15.
    Implementation: Figure 13: Pingflood attack to node h1
  • 16.
    Implementation: Figure 14: Pingflood packet data in wireshark
  • 17.
    Figure 15: Dosattack in sFlow-RT Implementation:
  • 18.
    No Techniques PrecisionRecall F- Measure ROC Area 1 Bayes Net 0.889 0.885 0.885 0.863 2 Naïve Bayes 0.731 0.705 0.693 0.707 3 Multilayer Perceptron 0.836 0.836 0.836 0.834 4 Support Vector Machine(ker nel=3) 0.853 0.852 0.852 0.853 5 AdaBoost (Decision Stump as weak classifier) 0.934 0.934 0.934 0.887 6 J48 decision tree 0.903 0.902 0.901 0.880 7 Random Forest 0.837 0.836 0.836 0.899 Result and Observation:
  • 19.
    0 0.1 0.20.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Bayes Net Naïve Bayes Multilayer Perceptron Support Vector Machine(kernel=3) AdaBoost(Decision Stump as weak classifier) J48 decision tree Random Forest Comparison of F-measure Among Classifier Result and Observation
  • 20.
    • Virtual SDNtestbed environment has been created • DoS attack performed on the network • Data collected for both normal and attack scenario. • Model trained and performance compare for different classifier Conclusion
  • 21.